• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

icms

CVE-2020-19142

February 26, 2023 by

iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.

CVE-2020-18070

February 26, 2023 by

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the “do_del()” method of the component “database.admincp.php”.

CVE-2019-8902

February 26, 2023 by

An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users’ articles via the public/api.php?app=user URI.

CVE-2019-7237

February 26, 2023 by

An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse .. Directory Traversal.

CVE-2019-17583

February 26, 2023 by

idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.

CVE-2019-17552

February 26, 2023 by

An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the ‘upload spider project scheme’ feature via a two-dimensional payload.

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE